CVE-2003-1378 – Microsoft Outlook2000/Express 6.0 - Arbitrary Program Execution
https://notcve.org/view.php?id=CVE-2003-1378
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077. • https://www.exploit-db.com/exploits/22280 http://www.securityfocus.com/archive/1/312910 http://www.securityfocus.com/archive/1/312929 http://www.securityfocus.com/bid/6923 https://exchange.xforce.ibmcloud.com/vulnerabilities/11411 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2002-2164 – Alleged Outlook Express 5/6 Link - Denial of Service
https://notcve.org/view.php?id=CVE-2002-2164
Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long <A HREF> link. • https://www.exploit-db.com/exploits/21789 http://archives.neohapsis.com/archives/bugtraq/2002-09/0082.html http://online.securityfocus.com/archive/1/291058 http://www.iss.net/security_center/static/10067.php http://www.securityfocus.com/bid/5682 •
CVE-2002-2202
https://notcve.org/view.php?id=CVE-2002-2202
Outlook Express 6.0 does not delete messages from dbx files, even when a user empties the Deleted items folder, which allows local users to read other users email. • http://www.iss.net/security_center/static/10500.php http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0210&L=ntbugtraq&F=P&S=&P=5732 •
CVE-2002-1179 – Microsoft Outlook Express 5.5/6.0 - S/MIME Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-1179
Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message. • https://www.exploit-db.com/exploits/21932 http://marc.info/?l=bugtraq&m=103435413105661&w=2 http://marc.info/?l=ntbugtraq&m=103429637822920&w=2 http://marc.info/?l=ntbugtraq&m=103429681123297&w=2 http://www.iss.net/security_center/static/10338.php http://www.securityfocus.com/bid/5944 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-058 •
CVE-2002-0285
https://notcve.org/view.php?id=CVE-2002-0285
Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers. Outlook Express 5.5 y 6.0 en Windows trata un retorno de carro (CR) en una cabecera de mensaje como si fuera una combinación válida retorno de carro/avance de línea (CR/LF), lo que podría permitir a atacantes remotos evitar la protección contra virus y/o otros mecanismos de filtrado mediante correos con cabeceras que sólo contienen el CR, lo que hace que Outlook cree cabeceras separadas. • http://marc.info/?l=bugtraq&m=101362077701164&w=2 http://www.iss.net/security_center/static/8198.php http://www.securityfocus.com/bid/4092 •